package org.zhouhe.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

public class SecurityMetadataSourceImpl implements FilterInvocationSecurityMetadataSource {  
  
    private static Map<String, Collection<ConfigAttribute>> resourceMap = null;  
  
    public Collection<ConfigAttribute> getAllConfigAttributes() {  
        return null;  
    }  
  
    public boolean supports(Class<?> clazz) {  
        return true;  
    }  
    //加载所有资源与权限的关系  
    private void loadResourceDefine() {  
        if(resourceMap == null) {  
            resourceMap = new HashMap<String, Collection<ConfigAttribute>>();  
                Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();  
                //以权限名封装为Spring的security Object  
                ConfigAttribute configAttribute = new SecurityConfig("ROLE_EIPP");  
                configAttributes.add(configAttribute);  
//                resourceMap.put("resource.getUrl()", configAttributes);
                resourceMap.put("/ab/cc.do", configAttributes);
        }  
    }  
    //返回所请求资源所需要的权限  
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {  
          
        String requestUrl = ((FilterInvocation) object).getRequestUrl();  
        System.out.println("requestUrl is " + requestUrl);  
        if(resourceMap == null) {  
            loadResourceDefine();  
        }  
        return resourceMap.get(requestUrl);  
    }  
  
}  